Skip to content
/ ergo-pe-av Public

🧠 🦠 An artificial neural network and API to detect Windows malware, based on Ergo and LIEF.

License

View license
173 stars 37 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

evilsocket/ergo-pe-av

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
checkpoints
checkpoints
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
attribute.names
attribute.names
 
 
attributes.relevance.json
attributes.relevance.json
 
 
classes.json
classes.json
 
 
corr_matrix.png
corr_matrix.png
 
 
encoder.py
encoder.py
 
 
history.json
history.json
 
 
history.png
history.png
 
 
metadata.json
metadata.json
 
 
model.h5
model.h5
 
 
model.py
model.py
 
 
model.yml
model.yml
 
 
pca_explained_ratio.png
pca_explained_ratio.png
 
 
pca_projection.png
pca_projection.png
 
 
prepare.py
prepare.py
 
 
requirements.txt
requirements.txt
 
 
roc.png
roc.png
 
 
stats.json
stats.json
 
 
stats.txt
stats.txt
 
 
test_cm.png
test_cm.png
 
 
train.py
train.py
 
 
training_cm.png
training_cm.png
 
 
validation_cm.png
validation_cm.png
 
 

Repository files navigation

An artificial neural network and API to detect Windows malware, based on Ergo and LIEF.

Installation

cd /path/to/ergo-pe-av
sudo pip3 install -r requirements.txt

Use as an API

ergo serve /path/to/ergo-pe-av --classes "clean, malware"

From the client, to scan a file that the server can access too:

curl "http://localhost:8080/?x=/path/to/file.exe"
# or
curl --data "x=/path/to/file.exe" "http://localhost:8080/"

To upload the whole file:

curl -F "x=@/path/to/file.exe" "http://localhost:8080/"

To encode a file to a vector of raw features:

curl -F "x=@/path/to/file.exe" "http://localhost:8080/encode"

To scan a vector of raw features:

curl --data "x=0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,1.0,0.0,0.0,0.847058823529,......" "http://localhost:8080/"

Model Statistics

The dataset is made of ~200000 samples divided in two subfolders:

  • classes/pe-malicious with 100000 malware samples from VirusTotal
  • classes/pe-clean with 100000 clean samples

The dataset.csv training file has been generated with:

ergo encode ergo-pe-av /media/evilsocket/4TB/datapath-pe/classes --filter "*.exe"
Training ROC/AUC
Training Validation Testing

License

Made with ♥ by the dev team and it is released under the GPL 3 license.

About

🧠 🦠 An artificial neural network and API to detect Windows malware, based on Ergo and LIEF.

Topics

api machine-learning gpu malware keras antivirus ergo

Resources

Readme

License

View license
Activity

Stars

173 stars

Watchers

12 watching

Forks

37 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages